Form Validation / prepping for insert

I have a question about form validation in CI.

There is a nice set of form validation functions here:

Among the things you can do with these functions is prep your data for insert using things like "trim" and "xss_clean".

My question is, once you have used trim or xss_clean on your data, what should you actually insert into your table? Do you insert the data from $this->input->post('myfield') or do you insert from $this->validation->myfield? Or could I just insert the $_POST data? Which object actually gets affected by the data prep functions?

I think it's all of the above. From what I remember seeing in the validation class, the same data ends up in all three: $this->input->post('myfield'), $this->validation->myfield, $_POST['myfield'].

How do you use prepping functions?
The user guide is very vague. Do I use them in the view or somewhere else? A usage example would be ideal.

Eric Cope:
You use them in the controller. Look for "Repopulating the Form". There is a section of code in the controller that demos everything.

Then maybe I'm doing something wrong.
$rules['username']    = "required|prep_for_form";

I enter this into my username input field of the form
"> [removed]alert("CAN BE XSSd")[removed] /*

Submit, validation fails (obviously), but the repopulation breaks the HTML. I was assuming, based on the function's description, that it would escape the special HTML characters.
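
Added example, not part of the thread and not CodeIgniter's own code: repopulating a field with output escaping applied at the point where the value is written into the HTML attribute, using the string from the post above as input. The helper names `esc_attr_value()` and `render_text_input()` are hypothetical, and the final check assumes PHP's DOM extension is available.

```php
<?php
// Added example in plain PHP; it does not use the Validation class.

// Escape a value for use inside a quoted HTML attribute.
function esc_attr_value(string $value): string
{
    // ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build a text input whose value attribute is always escaped.
function render_text_input(string $name, string $submitted): string
{
    return sprintf(
        '<input type="text" name="%s" value="%s" />',
        esc_attr_value($name),
        esc_attr_value($submitted)
    );
}

// The value from the post above, as it appeared after filtering.
$submitted = '"> [removed]alert("CAN BE XSSd")[removed] /*';

// Unescaped repopulation: the leading "> ends the attribute and the tag,
// so the rest of the value spills into the page markup.
$broken = '<input type="text" name="username" value="' . $submitted . '" />';

// Escaped repopulation: quotes and angle brackets become entities.
$safe = render_text_input('username', $submitted);

echo $broken, "\n", $safe, "\n";

// Check: the escaped field parses as exactly one <input> element, and its
// value attribute decodes back to the submitted string unchanged.
$doc = new DOMDocument();
$doc->loadHTML('<!DOCTYPE html><html><body>' . $safe . '</body></html>');
$inputs = $doc->getElementsByTagName('input');

var_dump($inputs->length === 1);
var_dump($inputs->item(0)->getAttribute('value') === $submitted);
```

Escaping at output time keeps the stored or re-posted value intact, so the user sees exactly what they typed when the form is shown again.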
